Ransomware, Breach, Content, Malware

Ransomware Strike Interrupts Patient Care Across Five-State Healthcare System

Search Hacked warning on laptop Concept of privacy data being hacked and breached from internet technology threat. 3d renderring.

Cyber extortionists have hit a Los Angeles-based medical holdings company in an extensive ransomware attack that brought multiple hospitals and clinics in five states to a virtual standstill.

Prospect Medical Holdings, a for profit hospital chain that owns 16 hospitals and 165 outpatient facilities across California, Connecticut, Pennsylvania, Rhode Island and Texas, said it had suffered the attack on Thursday, August 3, the Associated Press (AP) reported. Hospital officials acknowledged a "data security incident" but it's unknown if there was an actual theft of data or to what extent.

As a result, emergency rooms closed, ambulances were diverted, and workers had to revert to pen and paper, according to the report. The White House has been monitoring the cyberattack, said Adrienne Watson, a spokesperson for the National Security Council.

Extortion Plot Brewing?

At this point, the identity of the cyber attackers is unknown and no ransom demand, if the cyber crew has made one, has been made public. Given the nature of the infiltration, it has the makings of a lucrative data extortion plot.

Information on the web targeting a data-rich hospital chain and extending over a number of states and medical facilities is at the nexus of the incident.

The Federal Bureau of Investigation said in a statement that it is investigating the Prospect incidents, urging “anyone who thinks they are a victim of this incident to report to ic3.gov or your local FBI field office.”

Cybersecurity experts and law enforcement have long counseled organizations to rebuff ransom demands made by cyber kidnappers.

In a statement, Prospect said:

"Prospect Medical Holdings, Inc. recently experienced a data security incident that has disrupted our operations. Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists. While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible."

Cyberattack Blows Patient Care Off Course

It is unclear if managed security service providers (MSSPs), including forensic experts, have been hired by Prospect to help in the post-mortem activities.

According to reports, the institutions affected include:

  • Roger Williams Medical Center and Our Lady of Fatima in Rhode Island
  • Crozer-Chester Medical System in Pennsylvania
  • Manchester Memorial, Waterbury Health and Rockville General in Connecticut

It is not known how many, or which, California and Texas facilities have been affected. In California, Prospect has seven hospitals in Los Angeles and Orange counties, according to the company’s website.

On Sunday, August 5, Eastern Connecticut Health Network posted on its web site that "Prospect Medical Holdings facilities are experiencing IT complications impacting some of our ECHN locations," denying elective surgery, medical imaging and other services to patients.

John Riggi, the American Hospital Association's senior cybersecurity advisor, told CBS News that the recovery process can often take weeks, with hospitals forced to use handwritten methods to monitor equipment or run records between departments.

In a separate comment, Riggi told the AP that hospitals have been working to shore up their cybersecurity profiles, including better and more backup systems. However, making medical facilities fully cyber locked down was nearly impossible owing to the volume of internet facing technologies.

290 Hospitals Impacted

According to cybersecurity specialist Emsisoft, hackers infected 25 healthcare providers operating 290 hospitals in 2022. Data including Protected Health Information (PHI) was exfiltrated in at least 17 cases. The most significant incident of the year was the attack on CommonSpirit Health, which operates roughly 150 hospitals. It saw 600,000 records breached in an incident late last year.

So far this year, 19 health systems spanning 33 hospitals have been hit by a ransomware attack. In 16 of the incidents data has been stolen, Emsisoft said.

Earlier this year, news reports surfaced that the closing of a Prospect-owned, nearly 100-year-old hospital in suburban Philadelphia had strained the area’s health care system to its limits. Pennsylvania's Health Department shut down the hospital after learning the facility was inadequately staffed by Prospect.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.